CVE-2026-54982

Microsoft · Windows

An integer underflow in the Windows Reliable Multicast Transport Driver (RMCAST) allows an unauthenticated attacker to execute code over an adjacent network.

Executive summary

An integer underflow vulnerability in the Windows RMCAST driver could allow an unauthenticated attacker on an adjacent network to achieve arbitrary code execution.

Vulnerability

The vulnerability exists within the Reliable Multicast Transport Driver (RMCAST) due to an integer underflow condition. This flaw can be triggered by an attacker without authentication, provided they are located on the same adjacent network as the target.

Business impact

This vulnerability carries a CVSS score of 8.8, indicating a high level of risk. Because it allows for code execution without authentication, it could be leveraged to gain a foothold within a local network, leading to lateral movement, data theft, or total system compromise.

Remediation

Immediate Action: Apply the official security patches from Microsoft to all vulnerable systems as soon as they are available.

Proactive Monitoring: Monitor network traffic for anomalous multicast traffic patterns that might indicate exploitation attempts.

Compensating Controls: Utilize host-based and network-based firewalls to restrict access to multicast services and limit the exposure of vulnerable drivers to untrusted sources.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Due to the unauthenticated nature of this vulnerability and the potential for remote code execution, this patch should be treated with high urgency. Administrators should verify that all Windows systems are updated to the specified patched versions to neutralize the threat.